2010/6/26 Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx>:
> Anatoly Muliarski wrote:
>>
>> I have a lot of VLANs (eth1.100-eth1.200) and I need to redirect
>> specific IP frames arrived on them to VLAN eth1.9 on L2 level (as I
>> cannot use routing for them). The simple way is to create a bridge
>> from all VLANs and filter out redirections to
>> unwanted (eth1.100-eth1.200) VLANs.
>
> That will work.
>
> Do you need to do so for all your VLANs, or just some of them?

Thank you for your response.
Unfortunately, I need to redirect the traffic from all VLANs.
In other words, the task comes down to selectively redirecting the traffic
from all VLANs to a specified one. The redirection must be unidirectional,
only for the traffic that comes from all VLANs.

>
>> But this may cause performance issues. Is there a finer solution?
>
> Could you get proxy ARP to work?

Yes, it works now, but for another purpose.

>
> In other words, why selectively extend your broadcast domains into the
> other when you might be able to extend individual systems into multiple
> broadcast domains (in a manner of speaking).

That would work, but I need to redirect traffic that is not destined for
VLAN 9, and the ARP-proxy trick does not work for this case.

>
> If you aren't modifying frames as they pass through your bridge, and the
> only real thing that takes time to look through is your EBTables rules, I
> don't think you will have a problem. - I've run multiple older slower
> systems (P-II 233) doing similar things (and bi-directional NATing of source
> and destination MAC addresses) for a multi-megabit DSL connection without
> any problems. - If you are worried about speed, pick up a current low end
> workstation computer with a decent network card.
>
> I'd say try it and see if the problem you are thinking about will even have
> any impact on the equipment you are using.
>
> Depending on the amount of traffic you are working with, I'd suggest gigabit
> connections to the switch. If it's really a lot of traffic, multiple
> connections to segregate the traffic.

Thanks for the ideas. I'll try it.
The main problem is to avoid unnecessary bridging attempts for all
VLANs (as it would waste CPU time trying to transmit a packet to a
hundred VLANs).
Another way is to write a target extension to ebtables to replace a
VLAN tag with a desired one, but as I need to do it selectively I need
ebtables' capabilities to analyze VLAN-tagged packets and there are
none...
Or to write something like a udp-broadcast-relay daemon...

--
Best regards
Anatoly Muliarski
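
The bridge-and-filter approach discussed in this thread, sketched as an added example that is not part of either post: a default-deny FORWARD policy with one ACCEPT rule per source VLAN keeps the redirect one-way (nothing flows from eth1.9 back, nothing between the source VLANs). The bridge name br_redirect and the bare "-p IPv4" match standing in for "specific IP frames" are assumptions; the script only prints the commands.

```shell
#!/bin/sh
# Added example: prints (does not execute) the brctl/ebtables commands for a
# one-way L2 redirect from eth1.<first>..eth1.<last> into one target VLAN.

PARENT=eth1
BRIDGE=br_redirect   # hypothetical bridge name, not from the thread

gen_rules() {
    first=$1; last=$2; target=$3
    tvid=${target#"$PARENT".}   # numeric VLAN id of the target, e.g. 9

    # Refuse a range that contains the target VLAN: it would be enslaved twice
    # and would get an ACCEPT rule forwarding to itself.
    if [ "$first" -gt "$last" ] ||
       { [ "$tvid" -ge "$first" ] && [ "$tvid" -le "$last" ]; }; then
        echo "gen_rules: bad range $first-$last for target $target" >&2
        return 1
    fi

    echo "brctl addbr $BRIDGE"
    echo "brctl addif $BRIDGE $target"

    # Default-deny: a bridged frame is forwarded only if a rule below accepts it.
    echo "ebtables -F FORWARD"
    echo "ebtables -P FORWARD DROP"

    v=$first
    while [ "$v" -le "$last" ]; do
        echo "brctl addif $BRIDGE $PARENT.$v"
        # Only source VLAN -> target VLAN; "-p IPv4" is a stand-in for the
        # real frame selection (assumption).
        echo "ebtables -A FORWARD -p IPv4 -i $PARENT.$v -o $target -j ACCEPT"
        v=$((v + 1))
    done

    echo "ip link set $BRIDGE up"
}

# Dry run for the VLAN range named in the thread; review the output, then
# pipe it to a root shell to apply it.
gen_rules 100 200 eth1.9
```

The bridge still clones a flooded frame for every port before FORWARD drops it, so this shows the filtering policy and does not remove the CPU cost raised in the reply above.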